[M-1] Clearly there is fee on transfer on the OUSGInstantManager::_mint and OUSGInstantManager::_redeem functions
Description the OUSGInstantManager::_mint and OUSGInstantManager::_redeem functions will charge a fee on the transfer Contrary to what was said in docs. it should be clearly mentioned in the docs that there is a fee on transfer.
Impact Breaking the functionality of the protocol Contrary to what was said in the docs. it just breaks the logic of the function and operate in a different way than what was said in the docs.
Proof of Concept: every time a user or a role wants to call the mint or redeem functions (or any other function that calls the _redeem and _mint functions) they will be charged a fee.
Recommend Mitigation mention this thing in the docs and known issues and modify and review the ERC20 token behaviors chart.
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L278 https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L388
Vulnerability details
[M-1] Clearly there is fee on transfer on the
OUSGInstantManager::_mint
andOUSGInstantManager::_redeem
functionsDescription the
OUSGInstantManager::_mint
andOUSGInstantManager::_redeem
functions will charge a fee on the transfer Contrary to what was said in docs. it should be clearly mentioned in the docs that there is a fee on transfer.Impact Breaking the functionality of the protocol Contrary to what was said in the docs. it just breaks the logic of the function and operate in a different way than what was said in the docs.
Proof of Concept: every time a user or a role wants to call the
mint
orredeem
functions (or any other function that calls the_redeem
and_mint
functions) they will be charged a fee.Recommend Mitigation mention this thing in the docs and known issues and modify and review the ERC20 token behaviors chart.
Assessed type
ETH-Transfer